CVE-2024-35200

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published May 29, 2024

Updated: Jun 10, 2024

CWE ID 476

Summary

CVE-2024-35200 is a newly disclosed vulnerability affecting NGINX Plus and Open Source (NGINX OSS) when utilizing the HTTP/3 QUIC module. The issue permits undisclosed HTTP/3 requests to trigger NGINX worker processes to terminate. This could potentially lead to denial-of-service conditions or other unintended consequences. It is essential for organizations using NGINX with the HTTP/3 QUIC module to apply the forthcoming patches to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

F5 Networks

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/wLCvtA
https://www.cve.org/CVERecord?id=CVE-2024-35200
https://nvd.nist.gov/vuln/detail/CVE-2024-35200

Back to Vulnerability Database

CVE-2024-35200

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations